Lack of proper web security and failure to update software give hackers a field day By Nadia Fazlulhaq Visiting websites to obtain information is a growing trend in the country, but so is the risk of being hacked, warn web security experts. This warning follows a recent series of government and private websites being hacked.The [...]

News

Beware! Bangladeshi Grey Hat, Jones and others on the prowl

View(s):

Lack of proper web security and failure to update software give hackers a field day

By Nadia Fazlulhaq

Visiting websites to obtain information is a growing trend in the country, but so is the risk of being hacked, warn web security experts.

This warning follows a recent series of government and private websites being hacked.The first week of January saw the hacking and defacing of 22 government websites that were sub domains of the north central province (nc.gov.lk) by a group of hackers calling itself, ‘Bangladeshi Grey Hat Hackers’.

On January 4, a hacker called ‘Davy Jones’ hacked into the site of Sri Lanka Foreign Employment Bureau. A similar attack was directed at the Ports Authority website on January 24, by hacker Jones.

The State television channel Rupavahini was the next victim of a series of hacking. According to the hacker, the Board of Investment(BOI) site was among his latest targets where he said that information of about 2000 investors were taken from the site.

“..database contains more than 2000 investors data and staff data’s and all important documents and everything breached..,”the hacker said in his paste bin post with regard to the BoI site.

The same hacker who claimed to have hacked another television website said, “..i extracted all data with 1000 email ids and passwords, most of the passwords match to email login …”

The Nelum Pokuna Mahinda Rajapaksa Theatre site and Sports Minister Mahindananda Aluthgamage’s site were the others hacked by him last week.

On January 17, a hacker calling himself ‘Game Over’ hacked the Media Centre for National Security (MCNS) and defaced the website’s home page. The site could not be accessed even on Friday (Feb 01).

Among the private sites claimed to have been hacked by Jones are a leasing company, a news site, the site of a weekly newspaper and several attacks by enumerating domain name servers of several telecommunication service providers’ websites.

Meanwhile Sri Lanka Computer Emergency Response Team’s Information Security Engineer Roshan Chandragupta said that many of the sites claimed to have been hacked had not requested the response team to look into their sites.
“Most of the site owners did not ask us to inspect their sites to check whether they had been hacked or not. We checked the BoI site and could not find any evidence that it was hacked or data had been leaked,” he said.

He added that many websites, both government and private sites do not conduct vulnerability assessments or update frequently.

“Most software vendors give an update on any new development and threats, therefore it is important to update the sites accordingly. Unfortunately in some government sites, developers are given a one-year contract to develop the site but after the year’s completion the site is left without any security updates,” Mr. Chandragupta said.

The Sunday Times learns that SLCERT received about 1,150 complaints last year about Face Book postings, hacking and leaking of information from emails and websites.  This is a huge increase from 50 complaints received regarding internet in 2008.

According to the Telecommunication Regulatory Commission in 2002, there were about 73, 000 email and internet subscribers in the country, by last year this had increased to 1.2 million.

In addition to defacing the frontal view of the website, hackers can also introduce malware, like viruses, leak information and admin user names or passwords, use information on the site to commit fraud and initiate hate/threat mail etc.
Prof. Gihan Dias at the Moratuwa University’s Computer Science and Engineering Department said lately there had been an increase in the incidents of hacking state websites worldwide.

“The importance of internet is growing at the same time there is a growing tendency among those who know hacking, to show that they are capable of hacking or defacing a government site.

“The country is facing a shortage of web security professionals and all want to have a website at a low cost,” he said.
Another expert Dr. Sameera de Alwis said due to the low budget allocated to maintaining sites, professional help was not sought to develop sites or strengthen security.




Share This Post

DeliciousDiggGoogleStumbleuponRedditTechnoratiYahooBloggerMyspace
comments powered by Disqus

Advertising Rates

Please contact the advertising office on 011 - 2479521 for the advertising rates.